Skip to content

Added another example named Github Releases into the Generic Repository #378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ssoni-cloudsmith wants to merge 1 commit into
base: main
Choose a base branch
from
+31 −2
Open

Added another example named Github Releases into the Generic Repository #378

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 31 additions & 2 deletions src/content/formats/generic-repository.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -233,9 +233,11 @@ In the upstream creation menu, define a name for your upstream and enter the ups

Please see our [Upstream Proxying](/repositories/upstreams#create-a-generic-upstream) documentation for further instructions on configuring upstreams.

### Example: Node.js Distributions
### Examples

This example demonstrates how upstream URLs, prefixes, and file paths work together.
#### Node.js Distributions

This example demonstrates how upstream URLs, prefixes, and file paths are applied when working with Node.js distributions.

**Upstream configuration:**
- **Upstream URL**: `https://nodejs.org/dist/`
Expand All @@ -261,6 +263,33 @@ curl -sLf -O 'https://generic.cloudsmith.io/OWNER/REPOSITORY/node_distributions/

The upstream prefix (`node_distributions`) ensures files from Node.js don't collide with files from other upstreams, even if they share identical file paths.

#### Github Releases
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heading uses "Github"; the correct product name is "GitHub" (also consistent with the earlier "- GitHub - GitHub Releases" entry in this file).

Suggested change
#### Github Releases
#### GitHub Releases

Copilot uses AI. Check for mistakes.

This example demonstrates how upstream URLs, prefixes, and file paths are applied when working with GitHub Releases.

**Upstream configuration:**
- **Upstream URL**: `https://api.github.com/repos/<owner>/<repo>/releases`
- **Upstream Prefix**: `github_releases`

**How paths are resolved:**

The upstream URL includes the base path (`/releases/`), so file paths are relative to that location.
To download `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz`, request the path `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` from Cloudsmith:

| Component | Value |
| :-------- | :---- |
| Upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases` |
| File path on upstream | `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
| Full upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
Comment on lines +271 to +283
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example appears to use the GitHub REST API endpoint (api.github.com/.../releases) as an upstream for downloading a binary asset, but that endpoint returns JSON metadata and doesn't host the release asset bytes. As a result, the described path resolution and the constructed "Full upstream URL" won't match the real asset download URL (which is under github.com/<owner>/<repo>/releases/download/...), and unauthenticated API calls are also subject to strict rate limiting. Consider updating the upstream URL and path mapping in the example to reflect the actual asset download URL structure (or explicitly document any required API-to-asset indirection/authentication if Cloudsmith handles it).

Suggested change
- **Upstream URL**: `https://api.github.com/repos/<owner>/<repo>/releases`
- **Upstream Prefix**: `github_releases`
**How paths are resolved:**
The upstream URL includes the base path (`/releases/`), so file paths are relative to that location.
To download `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz`, request the path `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` from Cloudsmith:
| Component | Value |
| :-------- | :---- |
| Upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases` |
| File path on upstream | `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
| Full upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
- **Upstream URL**: `https://github.com/<owner>/<repo>/releases/download`
- **Upstream Prefix**: `github_releases`
**How paths are resolved:**
The upstream URL includes the base path (`/releases/download/`), so file paths are relative to that location.
To download `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz`, request the path `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` from Cloudsmith:
| Component | Value |
| :-------- | :---- |
| Upstream URL | `https://github.com/aquasecurity/trivy/releases/download` |
| File path on upstream | `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
| Full upstream URL | `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |

Copilot uses AI. Check for mistakes.
Comment on lines +271 to +283
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example's "Full upstream URL" is inconsistent with the actual GitHub release asset URL shown above (.../releases/download/...). As written, https://api.github.com/repos/.../releases/v0.69.3/... is not a valid release asset download URL and will mislead readers trying to reproduce the behavior.

Suggested change
- **Upstream URL**: `https://api.github.com/repos/<owner>/<repo>/releases`
- **Upstream Prefix**: `github_releases`
**How paths are resolved:**
The upstream URL includes the base path (`/releases/`), so file paths are relative to that location.
To download `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz`, request the path `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` from Cloudsmith:
| Component | Value |
| :-------- | :---- |
| Upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases` |
| File path on upstream | `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
| Full upstream URL | `https://api.github.com/repos/aquasecurity/trivy/releases/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
- **Upstream URL**: `https://github.com/<owner>/<repo>/releases/download`
- **Upstream Prefix**: `github_releases`
**How paths are resolved:**
The upstream URL includes the base path (`/releases/download/`), so file paths are relative to that location.
To download `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz`, request the path `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` from Cloudsmith:
| Component | Value |
| :-------- | :---- |
| Upstream URL | `https://github.com/aquasecurity/trivy/releases/download` |
| File path on upstream | `v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |
| Full upstream URL | `https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |

Copilot uses AI. Check for mistakes.
| Upstream prefix | `github_releases` |
| Cloudsmith URL | `https://generic.cloudsmith.io/OWNER/REPOSITORY/github_releases/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz` |

**Download command:**

```shell
curl -sLf -O 'https://generic.cloudsmith.io/OWNER/REPOSITORY/github_releases/v0.69.3/trivy_0.69.3_Linux-ARM64.tar.gz'
```

### Upstream Priority

Upstream priority behaves differently for Generic repositories due to the nature of upstream prefixes. All upstreams within a prefix are given a priority of 1. Changing the priority setting does not impact package blending, as each upstream is uniquely namespaced within its own prefix.
Expand Down
Loading